Nightmare Market Appears Poised For Exit Scam

According to an announcement on DarknetLive, Nightmare Market is indicating that it is about to conduct an exit scam. Signs that the event was about to take place included the fact that about one week ago, bitcoin transactions stopped working on the market.

According to an announcement on DarknetLive, Nightmare Market is indicating that it is about to conduct an exit scam. Signs that the event was about to take place included the fact that about one week ago, bitcoin transactions stopped working on the market.

Following the announcement, everything on the surface appeared to be working again, although unbeknownst to the users, a hacker had covertly depleted almost all of the coins from the market's bitcoin wallets. As a result, Nightmare had to use recent deposits in order to pay for previous withdrawals, causing them to descend into bankruptcy.

Disclosure on Dread

On July 23, a user on the forum Dread posted a thread called "I think you got hacked." Afterward, vendors began to disclose that they could not access their accounts, while other fearful posts popped up on Dread's frontpage. Most recently, one user made a post entitled Dread should ban the Nightmare sub, and Dark.fail should unlist them. In the post, he gave this reasoning:

I've previously seen /u/hugbunter ban and shut down shops that he has created for vendors who decided to exit scam or did something that wasn't right. While the whole charade with Nightmare isn't Dread's business, and Nightmare hasn't actually exit [sic] yet, but I think Dread shouldn't allow marketplaces that has [sic] been compromised in such way where user and vendors funds has been lost, regardless if the marketplace make a sob story saying they'll make up for the losses. Because they could say whatever to ensure as many users as possible still use their marketplace, and then eventually exit scam in order to collect as much money as possible.

A user going by the appropriate name of /u/ithinkyougothacked publicly shared the first and last words of a vendor's mnemonic, implying that he was responsible for the hack. Some vendors responded by confirming that these words were correct. The following conversation is also available on DarknetLive, but reproduced here:

Initially, claims of the hack were met with skepticism, as these sorts of allegations are made frequently by competitors looking to weaken opposing markets. Nonetheless, several other vendors later confirmed that they, too, had been locked out of their accounts, including the following:

According to DarknetLive, one of their staff contacted ithinkyougothacked to ask for proof that they had compromised Nightmare. Using an encrypted email exchange, the person in question shared the name of a brand new Nightmare Market account, and validated that they had access to a support panel, at the very least. They did so by promoting a user account to a vendor account (which normally requires a bond) free of charge.

Screenshot credit: DarknetLive.com

A similar situation occurred on the now-defunct WallStreet Market. Staff of markets such as Nightmare often handle small issues such as disputes over sales and technical issues via a user interface that is, in theory, unavailable to the public. A staff member of WallStreet distributed his login credentials with HugBunter (the admin of Dread) after the admins had perpetuated an exit scam. Afterward, a second staff member publicly posted his account information, along with the IP address of the Wall Street backend, on Dread.

DarknetLive provided more evidence to support the theory of this forthcoming exit scam, including issues with supposedly "confidential" messaging on the market, as well as problems with being able to withdraw bitcoin. For the full story, please see the article on DarknetLive (linked above).